chore(deps): update node.js to v20.18.2 #162

Open

renovate-bot wants to merge 1 commits from renovate/node-20.x into main

pull from: renovate/node-20.x

merge into: kompetenzinventar:main

kompetenzinventar:main

kompetenzinventar:renovate/node-22.x

kompetenzinventar:renovate/sass-embedded-1.x

kompetenzinventar:renovate/sass-1.x

kompetenzinventar:renovate/major-9-linters

kompetenzinventar:renovate/linters

kompetenzinventar:renovate/lock-file-maintenance

kompetenzinventar:renovate/nginx-1.27-alpine

kompetenzinventar:renovate/core-js-3.x

kompetenzinventar:renovate/node-20.18.1-alpine

kompetenzinventar:ci-speedup

kompetenzinventar:lint-no-fix

kompetenzinventar:upgrade-dependencies

kompetenzinventar:fix-dockerfile

kompetenzinventar:feature/upgrade-dependencies

kompetenzinventar:configure-api-url-from-env

kompetenzinventar:gitea-registry

kompetenzinventar:docker-labels

kompetenzinventar:drone-config

kompetenzinventar:nginx-cacheing

kompetenzinventar:brain-patch-1

kompetenzinventar:feature/tag-trigger

kompetenzinventar:feature/realname

kompetenzinventar:fix/npm-update

kompetenzinventar:feature/#20-doppelte-kontaktmöglichkeiten

kompetenzinventar:availability

kompetenzinventar:fix/48-profile

kompetenzinventar:freitag

kompetenzinventar:feature/44-suchparameter-in-url

kompetenzinventar:feature-search

Conversation 0 Commits 1 Files Changed 2 +4 -4

renovate-bot commented 2025-01-22 18:37:10 +01:00

Member

Copy Link

This PR contains the following updates:

Package	Type	Update	Change
node	docker	patch	20.18.1-alpine -> 20.18.2-alpine
node	stage	patch	20.18.1-alpine -> 20.18.2-alpine

---

Release Notes

nodejs/node (node)

v20.18.2: 2025-01-21, Version 20.18.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [`df8b9f2c3e`](https://github.com/nodejs/node/commit/df8b9f2c3e)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#663](https://github.com/nodejs-private/node-private/pull/663)
  

• [`42d5821873`](https://github.com/nodejs/node/commit/42d5821873)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555)
  

• [`8187a4b9bb`](https://github.com/nodejs/node/commit/8187a4b9bb)] - **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS)
  

• [`389f239a28`](https://github.com/nodejs/node/commit/389f239a28)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#652](https://github.com/nodejs-private/node-private/pull/652)
  
  

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [node](https://github.com/nodejs/node) | docker | patch | `20.18.1-alpine` -> `20.18.2-alpine` | | [node](https://github.com/nodejs/node) | stage | patch | `20.18.1-alpine` -> `20.18.2-alpine` | --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v20.18.2`](https://github.com/nodejs/node/releases/tag/v20.18.2): 2025-01-21, Version 20.18.2 &#x27;Iron&#x27; (LTS), @&#8203;RafaelGSS [Compare Source](https://github.com/nodejs/node/compare/v20.18.1...v20.18.2) This is a security release. ##### Notable Changes - CVE-2025-23083 - throw on InternalWorker use when permission model is enabled (High) - CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium) - CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium) Dependency update: - CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium) ##### Commits - \[[`df8b9f2c3e`](https://github.com/nodejs/node/commit/df8b9f2c3e)] - **(CVE-2025-22150)** **deps**: update undici to v6.21.1 (Matteo Collina) [nodejs-private/node-private#663](https://github.com/nodejs-private/node-private/pull/663) - \[[`42d5821873`](https://github.com/nodejs/node/commit/42d5821873)] - **(CVE-2025-23084)** **path**: fix path traversal in normalize() on Windows (Tobias Nießen) [nodejs-private/node-private#555](https://github.com/nodejs-private/node-private/pull/555) - \[[`8187a4b9bb`](https://github.com/nodejs/node/commit/8187a4b9bb)] - **src**: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) - \[[`389f239a28`](https://github.com/nodejs/node/commit/389f239a28)] - **(CVE-2025-23083)** **src,loader,permission**: throw on InternalWorker use (RafaelGSS) [nodejs-private/node-private#652](https://github.com/nodejs-private/node-private/pull/652) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xNDIuNyIsInVwZGF0ZWRJblZlciI6IjM4LjE0Mi43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

renovate-bot added 1 commit 2025-01-22 18:37:11 +01:00

chore(deps): update node.js to v20.18.2 f3b3a3114a

renovate-bot force-pushed renovate/node-20.x from f3b3a3114a to 7922d09621 2025-01-22 21:37:10 +01:00 Compare

renovate-bot force-pushed renovate/node-20.x from 7922d09621 to e76b20f7b8 2025-01-23 00:37:44 +01:00 Compare

renovate-bot force-pushed renovate/node-20.x from e76b20f7b8 to b808d3597a 2025-01-23 03:37:06 +01:00 Compare

renovate-bot force-pushed renovate/node-20.x from b808d3597a to 157c851230 2025-01-23 06:37:07 +01:00 Compare

All checks were successful

Hide all checks

continuous-integration/drone/pr Build is passing

Required

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/node-20.x:renovate/node-20.x

git checkout renovate/node-20.x

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

doing

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

ready

Bereit für Release

  

wontfix

This won't be fixed

No Label

bug

doing

duplicate

enhancement

help wanted

invalid

question

ready

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: kompetenzinventar/ki-frontend#162

No description provided.